Custom ID apps can be insecure as well. There are a lot of moving pieces there, from the app's source code itself to the security protocols and processes when someone has an issue with their app login or loses their phone.
Billions of euros were spent to make basic apps for tracking CoV-2 vaccine status and they all failed miserably. If governments couldn't get a basic QR app to be secure when they effectively wrote themselves a blank check, I wouldn't be so sure that the app used to authenticate all of your private government accounts is better implemented.
Billions of euros were spent to make basic apps for tracking CoV-2 vaccine status and they all failed miserably. If governments couldn't get a basic QR app to be secure when they effectively wrote themselves a blank check, I wouldn't be so sure that the app used to authenticate all of your private government accounts is better implemented.